pfsense 2.4.4p3 - IPv6 on bridged interfaces not working...

kiokoman

make a screeshot of your dhcpv6 server and interfaces eventualy me and @johnpoz have he.net ipv6 configured on our pfsense and it's working without problem, must be some misconfiguration somewhere

ps: that fix is really really old

tomeq82

fix is old, but without it, there is no link-local addresses for interfaces on the bridge.... and nothing will virtually work at all in that kind o setup.

Comparing your screens, this is exactly the same setup. Just keep in mind that my "primary" interface LAN has all IP information needed, while LAN2 and LAN3 are bound with LAN as BRIDGE0 (pure L2 bridge, no L3 config)

kiokoman

ah i understand
i was checking the process
dhcp is launched like this

/usr/local/sbin/dhcpd -6 -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid ix0 ix0.30 ix0.20 ix0.100 igb1

my guess is that it's not serving your LAN2 / LAN3 but only LAN even if it's set as a L2
but than again.. if it was that, you should have problem even with ipv4 ....
let's see what we can find out until someone come to the rescue

did you try any packet capture ?

kiokoman

advanced configuration of the bridge

tomeq82

@kiokoman it is set, but it doesn't do anything than set the flag "auto linklocal" (patch to make link local address is STILL needed!)

kiokoman

i'm replicating your config on my virtual machine, i have the same behavior.
ipv4 work on all interface, ipv6 only on LAN

kiokoman

i get an adress if i configure a /64 but dhcpv6 still not working idk if it's a bug or what

tomeq82

@kiokoman exactly. Only slac works and only for /64 prefixes (which is obvious) DHCPv6 works only on first interface of the bridge

kiokoman

i can't find a way out ...
what i found with packet capture is that there is no answer from dhcp
from console i use struss against the running dhcp. it see request coming from dhclient -4 but it see nothing coming from dhclient -6

tomeq82

@kiokoman when you assign shorter network for each one of the interfaces from the bridge it will work. But will work randomly. This is apparently a bug but...

Derelict

Interfaces get a /64. Anything else is nonsense.

kiokoman

yes, well i was testing with prefix set to /64 for the interface but i don't understand why dhcpv6 is unreacheable

tomeq82

Yes, despite the prefix set (/64 or any else) DHCPv6 doesn't work over bundled interfaces. It should normally as it does for DHCPv4. I have floating rule allowing all traffic in the lan area so it is no issue either here...

BTW, shorter prefixes are used widely in the enterprises, this is not nonsense.

JKnott

@tomeq82 said in pfsense 2.4.4p3 - IPv6 on bridged interfaces not working...:

BTW, shorter prefixes are used widely in the enterprises, this is not nonsense.

Not on the LAN, where /64 must be used. The shorter prefixes are split by routers, eventually winding up at /64s. For example, I get a /56 from my ISP, which I can split up into 256 /64s. I could, if needed, spit it into other prefixes, for routing elsewhere, before getting to the /64s.

tomeq82

@JKnott Correct, nevertheless - in this scenario it doesn't really matter. /64 is not hard limit in any kind (only if you use SLAAC it is "must")

JKnott

@tomeq82 said in pfsense 2.4.4p3 - IPv6 on bridged interfaces not working...:

@JKnott Correct, nevertheless - in this scenario it doesn't really matter. /64 is not hard limit in any kind (only if you use SLAAC it is "must")

From RFC4291

" For all unicast addresses, except those that start with the binary
value 000, Interface IDs are required to be 64 bits long and to be
constructed in Modified EUI-64 format."

Derelict

@tomeq82 well aware that interfaces may be set to prefixes longer than /64 in certain router-to-router links, etc. That is not what is being discussed here. Interfaces with hosts on them need to be /64.